Topic: Passworded gatekeeper for websites (Read 1925 times)

If there is a relatively easy way to do it, does anyone know of a product that works such that it could open various hyperlinks based on the combination of username and password entered?

Currently, I have this arrangement configured on a 'per-site' basis. But what is now desired is a way to handle multiple different accesses via a log-in button such that a user would end up on a specific homepage based on what they entered for a username/password combination.

There would be at least 40 sites that would all be accessed from a single central log-in connection, which would provide no outward guide as to what goes where. A user would just enter their log-in and password and if that combination matched one on file in the database, they would be redirected to a specific website based on that match.

This is, in my opinion, another one of those "bad ideas" that management comes up with so often. Currently each user is given the correct web-link to go to when they are given their username and password in the first place. Mgmt has decided it would be a 'great idea' to add a "button" to our PUBLIC website to provide access to all those "private sites" for people who had logins and passwords for them. The problem being that there are 40 different private sites and I would need some way of knowing where to direct any given entry so that they only got into places they should be in and never into those where they shouldn't.

I believe someone got the bright idea that this would run up the numbers on our Stats page for the public site. But at what cost in loss of security? I have given up trying to point this out.

Anyway, I guess a generic front-end gatekeeper program that could be loaded with every distributed combination of log-in/password as they are given out and then be able to redirect the authorized users to the sites they should be in based on the information they enter is what I am looking for.

If you run your company website on your premises, it is likely you have a static IP. If you also run a DNS server, you can easily create an unlimited number of sub-domains. With Linux, Apache webserver and an instance of BIND (DNS) you can relatively easily create:

Each subdomain can have static or dynamically generated content page, tailored for each user. If that sounds like too much hassle maintenance-wise, you could consider using a static page generator, which generates a static page (per user) only when necessary.

Apache (or other web server software) allows you to password protect those static pages on each subdomain. You could use your current on-premise authorization solution to feed Apache with the correct username/password combo. Users logging in on their personal subdomain (something they do not forget that easily) using their credentials provided by your company, should make it rather easy for your users to work remotely.

Another idea is to use OPNsense and pfSense (router/firewall software (both open source, donations welcome)) that come by default with everything you need to run a cyber cafe. It can take authorization from different sources too. And it allows for (real-time) monitoring of what users are doing once they connect. Normally you use cyber cafe software the other way around, but when using it in the opposite direction, it covers most of what management wants.

A VPN server (also part of OPNsense and pfSense) also allows for user-based redirecting to content intended for that particular user.

Easiness will depend greatly on what you already have (on-premise) and how well it can be integrated.

One could quite easily make a webservice that did this, i.e. queried the database based on user id/password and redirect them to their own page that had links on it. I don't know of any out-of-the-box solutions, but I've found that if you give them the solution to their problem, and they balk at the money involved (especially the pittance that would be), then they have to accept that they can't have the solution.
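A minimal sketch of the lookup-and-redirect webservice suggested in the post above, added here as an illustration and not code from any poster in this thread. The account names, passwords and `private.example.com` destinations are constructed, and an in-memory `Map` stands in for the database.

```javascript
const crypto = require("node:crypto");

// Build one stored record: random salt, scrypt hash, fixed destination.
function makeRecord(password, destination) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32), destination };
}

// Constructed sample data; a real deployment would load these rows from its database.
const ACCOUNTS = new Map([
  ["group-a", makeRecord("correct horse battery", "https://private.example.com/site-a/")],
  ["group-b", makeRecord("staple tangerine river", "https://private.example.com/site-b/")],
]);

// Decoy record: unknown usernames cost the same hashing work as known ones,
// so response time does not reveal which logins exist.
const DECOY = makeRecord(crypto.randomBytes(16).toString("hex"), null);

// Returns the destination tied to this login, or null for any failure.
function resolveDestination(username, password) {
  const known = ACCOUNTS.get(String(username));
  const record = known || DECOY;
  const candidate = crypto.scryptSync(String(password), record.salt, 32);
  const match = crypto.timingSafeEqual(candidate, record.hash);
  return known && match ? record.destination : null;
}

// The redirect target comes only from the stored record, never from the request,
// and every failure gets the same generic answer (no hint of what goes where).
function handleLogin(form) {
  const target = resolveDestination(form.username, form.password);
  return target
    ? { status: 303, headers: { Location: target } }
    : { status: 401, body: "Login failed" };
}
```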

Come to think of it: why not use a subdomain for your main website and put a wiki at that subdomain?

After they login, users can get their tailor-made set of links, there are a lot of possibilities to monitor users and their activities. You also have a lot of options how your users are able to see or edit content from the wiki.

See this for a nice example of a wiki: BlueSpice. Their feature-list. Free and commercial license available.

You could download their free version and play with it on a test webserver to have an even better idea of what it can do. I did last week and I am impressed. The dashboard overview will please Management and make life of contributors and admin(s) easier too.

When I started I inherited a mediawiki installation. The editor that comes with this wiki software, is spartan and requires you to know wiki syntax by heart, before you can do something useful with it. For most, working with this wiki software is punishment. But with 12 years of data in it, I'm not allowed to change anytime soon. However, last week I was so fed up with it and discovered BlueSpice by accident.

The editor is a huge improvement and with the dashboard mediawiki software becomes much more useful and informative.

To be clear, no affiliation of any kind exists, just very happy with this mediawiki extension/upgrade.

Again, I greatly appreciate all the comments. Many of them are dead-on. I believe a solution I presented at a group meeting tonight was acceptable to the managers and this process will greatly simplify the entire procedure - IF it can be done on SquareSpace Hosting. 'SS' was not my choice of a host but it is what I am stuck with.

On the main website I just need to present a [button] that when clicked would open a small window with a box large enough for 15 characters and labeled with "Enter your group name here and click <Enter>". The characters entered in that box would be used to complete the value of a variable whose default value would be the first portion of the URL such as "https://www.mysite.com/".

When they click Enter it would complete the variable and use it to open a window on the User's default browser to the site at that location.

Shades, you are 100% correct in the primary layout. That is the way I designed it many years ago and it has worked perfectly for all this time. This new wrinkle is caused by them wanting all traffic to go to the primary PUBLIC site before being redirected to the numerous private locations on another site using a single "Log In Button" on the Public Site.

The conundrum was that I have no way of knowing who "they" are when they click that button which makes it next to impossible to intelligently redirect them to anywhere. Much less do so "securely" without displaying a list of site options which was 100% "Verboten"!

I made a good case for using pre-assigned keyword distribution and making the keyword be the final part of the URL needed to take each party to their own location. The main destination is not really a 'secret' as such, only the individual sub-locations within it contain any private information. And each of those sub-locations has its own Login/PW gatekeeper anyway.

Since each person only knows the specific name for their own subfolder, and these names are randomly generated, no Public User would ever get to anywhere other than the one subfolder they have the preassigned keyword for. This way, I don't have to maintain a "master Key-Keeper" and also don't have to show a list of all optional choices to anyone who clicks the log-in button. If anyone types in a nonexistent name into the login box, that would make it an invalid URL and they would get the 404 error code equivalent "This site can't be reached".

Doing this in HTML is not that hard. But. SquareSpace is not a normal hosting site and so far I am not getting very far with trying to redefine a "block" to create the button object to do such "magik". So much for "Simplicity". Apache is much easier I think.

Eventually, I am sure I will get something to fly. But .. as always, I found that by asking the questions on DC it brought in so much extra information from all the people here and I wanted to thank everyone for their concepts and ideas. DC has always been the best place to start when trying to find a solution to anything!
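The keyword scheme described in the post above, as an added example that is not the poster's code: issuing the random subfolder names from a CSPRNG and building the destination URL from what is typed into the box. The alphabet, the lower-casing of input and the function names are assumptions; `BASE` is the placeholder URL from the post.

```javascript
const crypto = require("node:crypto");

const BASE = "https://www.mysite.com/"; // placeholder URL from the post
const ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"; // assumed keyword alphabet
const LENGTH = 15; // the box holds 15 characters
const KEYWORD = /^[a-z0-9]{1,15}$/; // only input shaped like an issued keyword

// Admin side: draw each character from the OS CSPRNG. crypto.randomInt is
// uniform over the range, so no character is favoured.
function generateKeyword() {
  let out = "";
  for (let i = 0; i < LENGTH; i++) {
    out += ALPHABET[crypto.randomInt(ALPHABET.length)];
  }
  return out;
}

// Guessing work an outsider faces, in bits: LENGTH * log2(alphabet size).
function keywordEntropyBits() {
  return LENGTH * Math.log2(ALPHABET.length);
}

// Button side: reject anything that is not a plain keyword, so the box cannot
// be used to inject slashes, dots, query strings or another host into the URL.
// Uses only standard JavaScript, so it would also run in a page's button handler.
function buildGroupUrl(input) {
  const keyword = String(input).trim().toLowerCase();
  if (!KEYWORD.test(keyword)) return null;
  return new URL(keyword, BASE).href;
}
```

The keyword ends up in browser history and server logs like any URL path, so the per-folder login the post mentions remains the actual access control.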

After taking a look at SquareSpace, I understand your headache. Having a bit of knowledge about building websites is most of the time more of a hindrance than a boon with these kinds of "web-site builders". The resulting web-site is like the 13th in a dozen web-sites ('13 in een dozijn' for those that know Dutch), where only the quality of the first image makes or breaks the web-site.

Here in Paraguay the quality of the power grid and internet varies a lot, depending on where your office/home is located. Most of the time it works, which gives some people the impression that sites created with such "web-site builders" are a good idea. Because problems in either grid or network often result in inaccessible or worse, partially accessible web-sites, I have already had the "pleasure" to reconstruct several Wix-based web-sites in Joomla on a domain hosted by more reliable Paraguayan ISPs (at least they know when to fire up power generators to continue their services). [/bit of a rant]

After "playing" a while with the Joomla v3.5 CMS in combination with Gantry 5, you have many more options regarding layout, it also adapts to the resolution of the device you use to watch your public web-site and you can use drag-n-drop to change the layout.

The final kicker? Joomla enables by default its login module, so your public website can have username/password fields with login button on one or more or all pages of your public website. This would cover the demands of management and enables you to keep track of who logs in. Each logged in user generates its own unique session ID, something you can use to your benefit as well.

Gantry is also available for WordPress and Drupal too, in case you disdain Joomla. Once you get your head around Gantry, you will find it is easy to create web-sites at least as capable as those generated/offered by those "web-site builders". And with a hint of effort you can do a lot more in every aspect.

Again, by applying a CMS you have more options to secure things, users can have their own landing page, administration options aplenty and management can get on-demand or automatically generated reports about users, web-site activities and more.

What I saw there is that you can only go 2 layers deep. That is a serious limitation, which makes it a solution for very small businesses or "one-person shops". They also state you have unlimited bandwidth... which sounds like an overbooked shared server solution. What rate of overbooking your site is subject to, that is unclear from what I read on their website. Mind you, this doesn't have to be a problem, I just think it is better to know if and what limitations are imposed on the hosting plan I purchase. [/and a bit more ranting]